EP4277207A3 - Network telemetry collection with packet metadata filtering - Google Patents
- Publication number
- EP4277207A3 (application EP23201071.0A)
- Authority
- EP
- European Patent Office
- Prior art keywords
- telemetry
- exporter
- traffic
- network telemetry
- packet metadata
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
- H04L63/306—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N20/00—Machine learning
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N5/00—Computing arrangements using knowledge-based models
- G06N5/04—Inference or reasoning models
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Software Systems (AREA)
- Evolutionary Computation (AREA)
- Data Mining & Analysis (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Artificial Intelligence (AREA)
- Medical Informatics (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Computational Linguistics (AREA)
- Technology Law (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16/693,885 US11563771B2 (en) | 2019-11-25 | 2019-11-25 | Network telemetry collection with packet metadata filtering |
EP20208474.5A EP3826261B1 (en) | 2019-11-25 | 2020-11-18 | Network telemetry collection with packet metadata filtering |
Related Parent Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP20208474.5A Division EP3826261B1 (en) | 2019-11-25 | 2020-11-18 | Network telemetry collection with packet metadata filtering |
EP20208474.5A Division-Into EP3826261B1 (en) | 2019-11-25 | 2020-11-18 | Network telemetry collection with packet metadata filtering |
Publications (2)
Publication Number | Publication Date |
---|---|
EP4277207A2 (en) | 2023-11-15 |
EP4277207A3 (en) | 2024-02-21 |
Family
ID=73476052
Family Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP20208474.5A Active EP3826261B1 (en) | 2019-11-25 | 2020-11-18 | Network telemetry collection with packet metadata filtering |
EP23201071.0A Pending EP4277207A3 (en) | 2019-11-25 | 2020-11-18 | Network telemetry collection with packet metadata filtering |
Family Applications Before (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP20208474.5A Active EP3826261B1 (en) | 2019-11-25 | 2020-11-18 | Network telemetry collection with packet metadata filtering |
Country Status (2)
Country | Link |
---|---|
US (2) | US11563771B2 (en) |
EP (2) | EP3826261B1 (en) |
Families Citing this family (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10903985B2 (en) | 2017-08-25 | 2021-01-26 | Keysight Technologies Singapore (Sales) Pte. Ltd. | Monitoring encrypted network traffic flows in a virtual environment using dynamic session key acquisition techniques |
US10893030B2 (en) | 2018-08-10 | 2021-01-12 | Keysight Technologies, Inc. | Methods, systems, and computer readable media for implementing bandwidth limitations on specific application traffic at a proxy element |
US11190417B2 (en) * | 2020-02-04 | 2021-11-30 | Keysight Technologies, Inc. | Methods, systems, and computer readable media for processing network flow metadata at a network packet broker |
US11212219B1 (en) * | 2020-06-26 | 2021-12-28 | Lenovo Enterprise Solutions (Singapore) Pte. Ltd. | In-band telemetry packet size optimization |
US11895193B2 (en) * | 2020-07-20 | 2024-02-06 | Juniper Networks, Inc. | Data center resource monitoring with managed message load balancing with reordering consideration |
US20220070223A1 (en) * | 2020-08-31 | 2022-03-03 | Palo Alto Networks, Inc. | Security platform with external inline processing of assembled selected traffic |
US12010141B1 (en) | 2021-06-24 | 2024-06-11 | Airgap Networks Inc. | System gateway while accessing protected non-web resources connected to internet |
US11936726B2 (en) * | 2021-10-12 | 2024-03-19 | Pensando Systems Inc. | Methods and systems for implementing traffic mirroring for network telemetry |
US11711279B2 (en) | 2021-10-26 | 2023-07-25 | Juniper Networks, Inc. | Application records using session information |
US20220116403A1 (en) * | 2021-12-22 | 2022-04-14 | Intel Corporation | Telemetry restriction mechanism |
CN114422213B (en) * | 2021-12-31 | 2023-07-25 | 南京邮电大学 | INT-based abnormal flow detection method and device |
CN114666681B (en) * | 2022-03-21 | 2024-05-10 | 厦门大学 | Stateful in-band network telemetry method and system |
CN115622814B (en) * | 2022-12-19 | 2023-03-10 | 北京六方云信息技术有限公司 | HTTP tunnel detection method, device and equipment based on depth self-encoder |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP3382960A2 (en) * | 2017-03-27 | 2018-10-03 | Cisco Technology, Inc. | Machine learning-based traffic classification using compressed network telemetry data |
CN110113349A (en) * | 2019-05-15 | 2019-08-09 | 北京工业大学 | A kind of malice encryption traffic characteristics analysis method |
US20190349403A1 (en) * | 2018-05-11 | 2019-11-14 | Cisco Technology, Inc. | Detecting targeted data exfiltration in encrypted traffic |
Family Cites Families (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8813220B2 (en) * | 2008-08-20 | 2014-08-19 | The Boeing Company | Methods and systems for internet protocol (IP) packet header collection and storage |
WO2015113036A1 (en) | 2014-01-27 | 2015-07-30 | Vencore Labs, Inc. | System and method for network traffic profiling and visualization |
US10645002B2 (en) * | 2014-06-20 | 2020-05-05 | Hewlett Packard Enterprise Development Lp | System, apparatus and method for managing redundancy elimination in packet storage during observation of data movement |
US9961105B2 (en) * | 2014-12-31 | 2018-05-01 | Symantec Corporation | Systems and methods for monitoring virtual networks |
US10237068B2 (en) | 2015-04-27 | 2019-03-19 | Cisco Technology, Inc. | Network path proof of transit using in-band metadata |
US10362373B2 (en) | 2016-01-07 | 2019-07-23 | Cisco Technology, Inc. | Network telemetry with byte distribution and cryptographic protocol data elements |
US11323862B2 (en) * | 2016-05-06 | 2022-05-03 | Convida Wireless, Llc | Traffic steering at the service layer |
FR3064356B1 (en) | 2017-03-27 | 2019-06-07 | Centre Technique Des Industries Mecaniques Et Du Decolletage | MEASUREMENT OF MILLING EFFORTS |
US10341748B2 (en) | 2017-07-05 | 2019-07-02 | Infinera Corporation | Packet-optical in-band telemetry (POINT) framework |
US11159386B2 (en) * | 2019-03-14 | 2021-10-26 | Cisco Technology, Inc. | Enriched flow data for network analytics |
US10887187B2 (en) * | 2019-05-14 | 2021-01-05 | At&T Mobility Ii Llc | Integration of a device platform with a core network or a multi-access edge computing environment |
US11146463B2 (en) * | 2019-06-05 | 2021-10-12 | Cisco Technology, Inc. | Predicting network states for answering what-if scenario outcomes |
- 2019-11-25: US16/693,885 (US11563771B2), Active
- 2020-11-18: EP20208474.5A (EP3826261B1), Active
- 2020-11-18: EP23201071.0A (EP4277207A3), Pending
- 2023-01-23: US18/100,502 (US11979430B2), Active
Non-Patent Citations (2)
Title |
---|
SCHOINIANAKIS DIMITRIOS ET AL: "MDiET: Malware Detection in Encrypted Traffic", HCI 2014 - SAND, SEA AND SKY - HOLIDAY HCI, 10 September 2019 (2019-09-10), First Floor, Block D, North Star House, North Star Avenue Swindon SN2 1FA UK, pages 31 - 37, XP055792996, ISSN: 1477-9358, DOI: 10.14236/ewic/icscsr19.4 * |
YAACOUBI OMAR: "The rise of encrypted malware", NETWORK SECURITY, vol. 2019, no. 5, 1 May 2019 (2019-05-01), pages 6 - 9, XP085695354, ISSN: 1353-4858, DOI: 10.1016/S1353-4858(19)30059-5 * |
Also Published As
Publication number | Publication date |
---|---|
EP3826261A1 (en) | 2021-05-26 |
US20230239319A1 (en) | 2023-07-27 |
EP4277207A2 (en) | 2023-11-15 |
US11563771B2 (en) | 2023-01-24 |
US20210160275A1 (en) | 2021-05-27 |
EP3826261B1 (en) | 2023-11-08 |
US11979430B2 (en) | 2024-05-07 |
Legal Events
Code | Title | Description |
---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE APPLICATION HAS BEEN PUBLISHED |
AC | Divisional application: reference to earlier application | Ref document number: 3826261 Country of ref document: EP Kind code of ref document: P |
AK | Designated contracting states | Kind code of ref document: A2 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
PUAL | Search report despatched | Free format text: ORIGINAL CODE: 0009013 |
AK | Designated contracting states | Kind code of ref document: A3 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
RIC1 | Information provided on ipc code assigned before grant | Ipc: H04L 9/40 20220101AFI20240116BHEP |